9.3 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
0.007 Low
EPSS
Percentile
79.9%
Multiple buffer overflows in vorbis_dec.c in the Vorbis decoder in FFmpeg,
as used in Google Chrome before 8.0.552.237 and Chrome OS before
8.0.552.344, allow remote attackers to cause a denial of service (memory
corruption and application crash) or possibly have unspecified other impact
via a crafted WebM file, related to buffers for (1) the channel floor and
(2) the channel residue.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 10.04 | noarch | chromium-browser | < 8.0.552.237~r70801-0ubuntu0.10.04.1 | UNKNOWN |
ubuntu | 10.10 | noarch | chromium-browser | < 8.0.552.237~r70801-0ubuntu0.10.10.1 | UNKNOWN |
ubuntu | 8.04 | noarch | ffmpeg | < 3:0.cvs20070307-5ubuntu7.6 | UNKNOWN |
ubuntu | 9.10 | noarch | ffmpeg | < 4:0.5+svn20090706-2ubuntu2.3 | UNKNOWN |
ubuntu | 10.04 | noarch | ffmpeg | < 4:0.5.1-1ubuntu1.1 | UNKNOWN |
ubuntu | 10.10 | noarch | ffmpeg | < 4:0.6-2ubuntu6.1 | UNKNOWN |